CVE-2021-20875

Name of the Vulnerable Software and Affected Versions: GroupSession Free edition versions 5.1.1 and earlier GroupSession byCloud versions 5.1.1 and earlier GroupSession ZION versions 5.1.1 and earlier

Description: The issue allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user access a specially crafted URL.

Recommendations: For GroupSession Free edition versions 5.1.1 and earlier, consider restricting access to URLs that could be used for phishing attacks until a patch is available. For GroupSession byCloud versions 5.1.1 and earlier, avoid using URLs that could be exploited for open redirects until the issue is resolved. For GroupSession ZION versions 5.1.1 and earlier, as a temporary workaround, consider disabling access to external URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.